Air Force leaders tout cyber capabilities

By Amber Corrin

Oct 11, 2012

Air Force officials said the service is making significant progress in defensive and offensive capabilities, as well as in understanding what is happening on the networks, in speeches at AFCEA Air Force IT Day in Vienna, Va.

Cyber is no longer a new domain, but it is taking time to structure the governance and capabilities required in any realm of warfare, the leaders said.. Another critical factor that must be included is the enterprise view – including interoperability across the Air Force and with the other services.

"The enterprise network and services will be the foundation of which we use information to create effects across air, space and cyberspace domains. We need resiliency in our hardware, our software and the applications. That resiliency will provide us…with the ability to fight through an attack," said Lt. Gen. Michael Basla, Air Force CIO (pictured). "Over the years we’ve spent a lot of time and energy protecting our information. We’ve certainly bolstered networks to provide availability…but we haven’t made quite as much tension to developing a consistent, repeatable and reliable way of guaranteeing the integrity of our information."

While it is a broad, force-wide issue that encompasses a range of moving parts, the Air Force is taking on cyberspace with equally extensive approaches. Basla said the service is bringing in outside help to get a better idea of limitations.

For example, the Air Force has tapped RAND to provide an analysis of malicious network activities’ effects on command and control systems.

The Air Force is also enlisting aid to boost its capabilities, particularly by partnering with industry and leasing services.

According to Brig. Gen. Burke Wilson, deputy commander of Air Forces Cyber, the service is beefing up both defense and offense on its networks. That means a new approach to defense that combines cyber and more conventional defensive methods, using proactive, mission-focused tactics that allow for faster reaction and better network visibility, he said.

We’re expanding the mission. Clearly there is a threat out there – hypothetically speaking – I’m not going to stand up here and confirm or deny anything," Wilson said.

Wilson said that Gen. Keith Alexander, Cyber Command commander and NSA director "terms it as the largest theft of intellectual capital in history. We can’t wait for zero-days to hit; we have to be able to see across the network," Wilson said. "We’re beginning to integrate cyber into [more traditional] processes. The metric isn’t the number – the metric is the quality of the communications and synchronization across the full spectrum."

That full-spectrum visibility and understanding – a sense of situational awareness both within and beyond cyberspace – remains a soft area, particularly since the domain is newer than the traditional land, sea, air and space spheres, the officials noted. Basla said it is an area the Air Force is actively targeting.

"That is probably one of the highest priorities of our senior leaders. That is absolutely one of those [research and development] activities we have on the table right now," Basla said. "We need to continue to grow that situational awareness cyber picture, and then secondly…get the cross-domain picture between air, space and cyberspace, because you’re going to find tippers when you look across those domains, and you’ll derive way more intelligence value."

Wilson offered an example of this idea at work today within the service’s networks. The Air Force gateway, a perimeter defense approach for the 21st century, is already paying dividends by providing the ability to detect and quickly react to cyber incidents, including through the use of signatures, he said.

"We were seeing more than a thousand attacks come at us in the Air Force gateway…we thought we had a thousand attacks on our networks, but what was really going on was there was one [adversary] delivering those worms through a botnet. We were able to characterize that in real time and communicate that back up [the DOD chain of command]," Wilson said. "Because we had those gateways in place, we didn’t have to do clean-up on aisle nine across thousands of machines. That’s really the key."

The Air Force gateway is just one example of the layered, proactive defense-in-depth the service is pursuing, Wilson stated – part of broader objectives that provide indications, warnings and remote forensic analysis, preserve bandwidth and enable cleanup and reduce threat response time. The force also is employing reconnaissance and counter-reconnaissance operations that further sharpen defenses.